{ config, ... }:
let
  inherit (import ./lib.nix config) mkContainer havenisms;
  hostName = "projects";
in
{

  sops.secrets = {
    "openproject/secret-key-base" = {
      restartUnits = [ "${config.local.container-backend}-openproject.service" ];
      mode = "0400";
      owner = config.users.users.bookstack.name;
    };
  };

  sops.templates."openproject.env" = {
    restartUnits = [ "${config.local.container-backend}-openproject.service" ];
    content = ''
      OPENPROJECT_SECRET_KEY_BASE=${config.sops.placeholder."openproject/secret-key-base"}
      OPENPROJECT_HOST__NAME=${hostName}.${havenisms}
      OPENPROJECT_HTTPS=false
      OPENPROJECT_DEFAULT__LANGUAGE=en
    '';
  };

  virtualisation.oci-containers.containers.openproject = mkContainer {
    inherit hostName;
    # Note: this is the all-in-one container that has it's own database.
    # Consider switching to the `-slim` version and configuring your own
    # database.
    image = "openproject/openproject:15";
    domain = havenisms;
    port = 80;
    homepageOpts = {
      group = "Apps";
      name = "OpenProject";
      icon = "openproject.svg";
      description = "Project Management";
    };
    environmentFiles = [
      config.sops.templates."openproject.env".path
    ];
  };
}